CLAIMS 

We claim: 

1. A method for establishing a secure conduit for SMS communication 
with a wireless terminal, comprising: 

a) encrypting an authorization key in response to a first SMS message from 
the wireless terminal comprising a public key and a request for the authorization 
key; 

b) sending to the wireless terminal a second SMS message comprising the 
encrypted authorization key; 

c) decrypting a third SMS message from the wireless terminal comprising 
an authentication code and a request for a traffic key; 

d) authenticating the third SMS message; 

e) encrypting the traffic key; and 

f) sending to the wireless terminal a fourth SMS message comprising the 
traffic key. — --- — — - 

2. The method of claim 1 , further comprising: 

generating at least three keys, comprising a key encryption key, an 
upstream message authentication key, and a downstream authentication key. 

3. The method of claim 1, wherein the wireless terminal is a wireless 
telephone. 

4. The method of claim 1, wherein the authentication code is a hash-based 
message authentication code digest. 

5. The method of claim 1, wherein the secure conduit is for conveying 
credit card transactions. 

6. The method of claim 1, wherein the secure conduit is for conveying 
medical information. 

7. An apparatus for establishing a secure conduit for SMS communication 
with a wireless terminal, comprising: 

a) first cryptographic means for encrypting an authorization key in response 
to a first SMS message from the wireless terminal comprising a public key and a 
request for the authorization key; 

b) communication means for sending to the wireless terminal a second 
SMS message comprising the encrypted authorization key; 
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c) second cryptographic means for decrypting a third SMS message from 
the wireless terminal comprising an authentication code and a request for a traffic 
key; 

d) upstream message authentication key means for authenticating the third 
5 SMS message; and 

e) third cryptographic means for encrypting the traffic key; 

wherein the communication means is also means for sending to the wireless 
terminal a fourth SMS message comprising the traffic key. 

8. The apparatus of claim 7, further comprising: 
1 0 fourth cryptographic means for generating at least three keys, comprising a 

key encryption key, an upstream message authentication key, and a downstream 
authentication key. 

U 9. The apparatus of claim 7, wherein the wireless terminal is a wireless 

H telephone. 

Jp 15 10. The apparatus of claim 7, wherein the authentication code is a hash- 

."S based message authentication code digest. 

y 1 11. The apparatus of claim 7, wherein the secure conduit is for conveying 

.U credit card transactions. 

*1 12. The apparatus of claim 7, wherein the secure conduit is for conveying 

00 20 medical information. 

^ 13. A computer-readable medium having stored thereon a plurality of 

instructions, the plurality of instructions including instructions which, when 
executed by a processor, cause the processor to establish a secure conduit for SMS 
communication with a wireless terminal, by: 
25 a) encrypting an authorization key in response to a first SMS message from 

the wireless terminal comprising a public key and a request for the authorization 
key; 

b) creating a second message comprising the encrypted authorization key; 

c) decrypting a third SMS message from the wireless terminal comprising 
30 an authentication code and a request for a traffic key; 

d) authenticating the third SMS message; 

e) encrypting the traffic key; and 

f) creating a fourth message comprising the traffic key. 



14. The computer-readable medium of claim 13, wherein the plurality of 
instructions includes further instructions which, when executed by a processor, 
cause the processor to perform the additional step of: 

generating at least three keys, comprising a key encryption key, an 
upstream message authentication key, and a downstream authentication key. 

15. The computer-readable medium of claim 13, wherein the wireless 
terminal is a wireless telephone. 

16. The computer-readable medium of claim 13, wherein the 
authentication code is a hash-based message authentication code digest. 

17. The computer-readable medium of claim 13, wherein the secure 
conduit is for conveying credit card transactions. 

18. The computer-readable medium of claim 13, wherein the secure 
conduit is for conveying medical information. 



